Attacks on the horizon

zoom

“In technology terms I think ‘consumerisation’ is a huge challenge.” James Lyne, senior technologist, Sophos

Security is a major issue for enterprises across the world and the region. James Lyne, senior technologist at Sophos recently visited the region and sat down with NME to discuss the challenges facing IT professionals in the coming year.

Why are you visiting the Middle East?

Sophos is a company that for many years has had a focus on Europe and the Americas as our prime areas of growth. Increasingly though we are recognising that the Middle East is a significant opportunity for us as a company and we are putting a concerted effort into developing our presence here.

I think what has been very surprising to us is that in visiting customers here we find that our value proposition resonates extremely well with people in the Middle East during this present economic climate.

Frankly we are here to retract Symantec, Trend Micro and McAfee’s market share and to introduce a better product into the market.

Data leakage, malware and attacks are on the rise but given the current financial climate IT managers are under pressure to reduce budgets. Why should they invest in security and what should they be investing in?

I think the message we are hearing from prospects and customers in this region is indeed that investment in new technologies, trying to be more proactive is a risk management exercise, and right now given the impact on the bottom line people are prepared to take chances more so than possibly previously and thus are focusing on core areas of security.

So are we seeing customers adopting anti-virus less, but are people taking anti-virus off the systems? Absolutely not, I think it’s broadly accepted that the malware problem is rife and that the impact of malware on people’s systems is extremely detrimental even in the present financial economy.

Are we seeing a slowdown in the adoption of technologies by the market that are not broadly seen by the market as absolutely crucial for example NAC, data leakage compliance? Absolutely.

I think that the standalone market for data leakage prevention (DLP) is collapsing in on itself very quickly. People see these things as optional.

I think there is something in the phrase, ‘doing more with less’. If I look at our product set and the value proposition we are offering our customers is the ability to take the set piece or even a reclining piece of budget where they know they have to spend on anti-malware technology, the more traditional desktop security and to introduce protection against data loss, DLP, to introduce additional capabilities like encryption, compliance and to help them do more with less.

People really value not just product bundles at this time but actual integration. People don’t have extra resources to throw at administration, it’s not just a question of the cost of the license, it really is about the total cost of ownership and running these systems. People need to be smart about where they invest right now.

Traditional end-point security focused on the malware problem domain is a must. The escalation we have seen in the past six months is a serious problem. We are seeing ten times as much malware over this month as compared to all of last year.

It is significantly more complicated prolific malware then we have seen for quite some time. If you look at it at this moment, then every single instance has targeted an individual. It is incredibly difficult to detect much of this malware with many of the traditional mechanisms that were used for IT security.

Then you get signature anti-virus, if it wasn’t dead last year then it really is dead this year. That’s a significant problem for customers and if you combine that with the fact that the malware authors are absolutely targeting intellectual property, personal identifiable information, assets that in a down economy differentiate you from your competitors then I think that malware is still a problem that people recognise they need to solve.

When it comes to the data leakage market as a whole then I think a great deal of it is hype.

You take the data problem and divide it into accidental and malicious then there is a myriad of solutions that position themselves as being able to comprehensively solve the malicious data leakage problem and frankly that’s not true and it doesn’t work.

I have spoken to people who offer solutions that claim to prevent me pulling out my digital camera and taking a photo by adjusting the screen solution. Clearly rubbish. There are fantastic buzzwords like automatic ontological analysis engine but these solutions are simply not practical.

If you look at data leakage, actually it’s not really a technology problem. That’s not to say you cannot do things in technology terms that help and are good but customers trying to deal with that problem would actually be better off looking at their usage policies and how they serve the user.

The majority of data leakage cases we see are actually related to people accidentally exposing data, trying to use webmail tools, or the many people forwarding their e-mail through external services so they can access them from the road.

Print | Email | Discuss this article

| Share |

READERS' COMMENTS

Click here to post a comment

Add your Comment All posts are sent to the administrator for review and are published only after approval. ArabianBusiness.com reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Arabian Business would like to point out that only comments relevant to the story will be published. Any containing personal insults or inappropriate language will not be approved.
Name *
Remember me on this computer
Email *	(Your email address will not be published)
City
Country
Subject *
Comment *
Notify me of further comments
Enter the words above *
Please click post only once - your comment will not be published immediately.

MORE FROM ARABIANBUSINESS.COM